diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 7949a6f..52f6287 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -235,8 +235,8 @@ if (isset($_SESSION[FM_SESSION_ID]['logged']) && !empty($directories_users[$_SES
 $root_url = fm_clean_path($root_url);
 // abs path for site
-defined('FM_ROOT_URL') || define('FM_ROOT_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . (!empty($root_url) ? '/' . $root_url : ''));
-defined('FM_SELF_URL') || define('FM_SELF_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . $_SERVER['PHP_SELF']);
+defined('FM_ROOT_URL') || define('FM_ROOT_URL', ($is_https ? 'https' : 'http').'://'.$http_host.(!empty($root_url) ? '/'.$root_url : ''));
+defined('FM_SELF_URL') || define('FM_SELF_URL', ($is_https ? 'https' : 'http').'://'.$http_host.$_SERVER['PHP_SELF']);
 // logout
 if (isset($_GET['logout'])) {
@@ -277,7 +277,7 @@ if ($ip_ruleset != 'OFF') {
 }
 if($proceed == false){
- trigger_error('User connection denied from: ' . $clientIp, E_USER_WARNING);
+ trigger_error('User connection denied from: '.$clientIp, E_USER_WARNING);
 if($ip_silent == false){
 fm_set_msg(lng('Access denied. IP restriction applicable'), 'error');
@@ -299,11 +299,11 @@ if ($use_auth) {
 if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
 $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
 fm_set_msg(lng('You are logged in'));
- fm_redirect(FM_ROOT_URL . $_SERVER['REQUEST_URI']);
+ fm_redirect(FM_ROOT_URL.$_SERVER['REQUEST_URI']);
 } else {
 unset($_SESSION[FM_SESSION_ID]['logged']);
 fm_set_msg(lng('Login failed. Invalid username or password'), 'error');
- fm_redirect(FM_ROOT_URL . $_SERVER['REQUEST_URI']);
+ fm_redirect(FM_ROOT_URL.$_SERVER['REQUEST_URI']);
 }
 } else {
 fm_set_msg(lng('password_hash not supported, Upgrade PHP version'), 'error');
@@ -396,7 +396,7 @@ define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\');
 // always use ?p=
 if (!isset($_GET['p']) && empty($_FILES)) {
- fm_redirect(FM_SELF_URL . '?p=');
+ fm_redirect(FM_SELF_URL.'?p=');
 }
 // get path
@@ -442,21 +442,21 @@ if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_I
 // get current path
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 // check path
 if (!is_dir($path)) {
- fm_redirect(FM_SELF_URL . '?p=');
+ fm_redirect(FM_SELF_URL.'?p=');
 }
 $file = $_GET['edit'];
 $file = fm_clean_path($file);
 $file = str_replace('/', '', $file);
- if ($file == '' || !is_file($path . '/' . $file)) {
+ if ($file == '' || !is_file($path.'/'.$file)) {
 fm_set_msg(lng('File not found'), 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 header('X-XSS-Protection:0');
- $file_path = $path . '/' . $file;
+ $file_path = $path.'/'.$file;
 $writedata = $_POST['content'];
 $fd = fopen($file_path, "w");
@@ -472,20 +472,20 @@ if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_I
 // backup files
 if (isset($_POST['type']) && $_POST['type'] == "backup" && !empty($_POST['file'])) {
 $fileName = fm_clean_path($_POST['file']);
- $fullPath = FM_ROOT_PATH . '/';
+ $fullPath = FM_ROOT_PATH.'/';
 if (!empty($_POST['path'])) {
 $relativeDirPath = fm_clean_path($_POST['path']);
 $fullPath .= "{$relativeDirPath}/";
 }
 $date = date("dMy-His");
 $newFileName = "{$fileName}-{$date}.bak";
- $fullyQualifiedFileName = $fullPath . $fileName;
+ $fullyQualifiedFileName = $fullPath.$fileName;
 try {
 if (!file_exists($fullyQualifiedFileName)) {
 throw new Exception("File {$fileName} not found");
 }
- if (copy($fullyQualifiedFileName, $fullPath . $newFileName)) {
+ if (copy($fullyQualifiedFileName, $fullPath.$newFileName)) {
 echo "Backup {$newFileName} created";
 } else {
 throw new Exception("Could not copy file {$fileName}");
@@ -547,7 +547,7 @@ if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_I
 if(isset($_POST['type']) && $_POST['type'] == "upload" && !empty($_REQUEST["uploadurl"])) {
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 function event_callback($message) {
@@ -639,10 +639,10 @@ if (isset($_GET['del'], $_POST['token']) && !FM_READONLY) {
 if ($del != '' && $del != '..' && $del != '.' && verifyToken($_POST['token'])) {
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
- $is_dir = is_dir($path . '/' . $del);
- if (fm_rdelete($path . '/' . $del)) {
+ $is_dir = is_dir($path.'/'.$del);
+ if (fm_rdelete($path.'/'.$del)) {
 $msg = $is_dir ? lng('Folder').' %s '.lng('Deleted') : lng('File').' %s '.lng('Deleted');
 fm_set_msg(sprintf($msg, fm_enc($del)));
 } else {
@@ -652,7 +652,7 @@ if (isset($_GET['del'], $_POST['token']) && !FM_READONLY) {
 } else {
 fm_set_msg(lng('Invalid file or folder name'), 'error');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Create a new file/folder
@@ -662,12 +662,12 @@ if (isset($_POST['newfilename'], $_POST['newfile'], $_POST['token']) && !FM_READ
 if (fm_isvalid_filename($new) && $new != '' && $new != '..' && $new != '.' && verifyToken($_POST['token'])) {
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 if ($type == "file") {
- if (!file_exists($path . '/' . $new)) {
+ if (!file_exists($path.'/'.$new)) {
 if(fm_is_valid_ext($new)) {
- @fopen($path . '/' . $new, 'w') or exit('Cannot open file: ' . $new);
+ @fopen($path.'/'.$new, 'w') or exit('Cannot open file: '.$new);
 fm_set_msg(sprintf(lng('File').' %s '.lng('Created'), fm_enc($new)));
 } else {
 fm_set_msg(lng('File extension is not allowed'), 'error');
@@ -676,9 +676,9 @@ if (isset($_POST['newfilename'], $_POST['newfile'], $_POST['token']) && !FM_READ
 fm_set_msg(sprintf(lng('File').' %s '.lng('already exists'), fm_enc($new)), 'alert');
 }
 } else {
- if (fm_mkdir($path . '/' . $new, false) === true) {
+ if (fm_mkdir($path.'/'.$new, false) === true) {
 fm_set_msg(sprintf(lng('Folder').' %s '.lng('Created'), $new));
- } elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) {
+ } elseif (fm_mkdir($path.'/'.$new, false) === $path.'/'.$new) {
 fm_set_msg(sprintf(lng('Folder').' %s '.lng('already exists'), fm_enc($new)), 'alert');
 } else {
 fm_set_msg(sprintf(lng('Folder').' %s '.lng('not created'), fm_enc($new)), 'error');
@@ -687,7 +687,7 @@ if (isset($_POST['newfilename'], $_POST['newfile'], $_POST['token']) && !FM_READ
 } else {
 fm_set_msg(lng('Invalid characters in file or folder name'), 'error');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Copy folder / file
@@ -698,22 +698,22 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
 // empty path
 if ($copy == '') {
 fm_set_msg(lng('Source path not defined'), 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // abs path from
- $from = FM_ROOT_PATH . '/' . $copy;
+ $from = FM_ROOT_PATH.'/'.$copy;
 // abs path to
 $dest = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $dest .= '/' . FM_PATH;
+ $dest .= '/'.FM_PATH;
 }
- $dest .= '/' . basename($from);
+ $dest .= '/'.basename($from);
 // move?
 $move = isset($_GET['move']);
 $move = fm_clean_path(urldecode($move));
 // copy/move/duplicate
 if ($from != $dest) {
- $msg_from = trim(FM_PATH . '/' . basename($from), '/');
+ $msg_from = trim(FM_PATH.'/'.basename($from), '/');
 if ($move) { // Move and to != from so just perform move
 $rename = fm_rename($from, $dest);
 if ($rename) {
@@ -732,7 +732,7 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
 }
 } else {
 if (!$move){ //Not move and to = from so duplicate
- $msg_from = trim(FM_PATH . '/' . basename($from), '/');
+ $msg_from = trim(FM_PATH.'/'.basename($from), '/');
 $fn_parts = pathinfo($from);
 $extension_suffix = '';
 if(!is_dir($from)){
@@ -758,7 +758,7 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
 fm_set_msg(lng('Paths must be not equal'), 'alert');
 }
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Mass copy files/ folders
@@ -771,22 +771,22 @@ if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['token'])
 // from
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 // to
 $copy_to_path = FM_ROOT_PATH;
 $copy_to = fm_clean_path($_POST['copy_to']);
 if ($copy_to != '') {
- $copy_to_path .= '/' . $copy_to;
+ $copy_to_path .= '/'.$copy_to;
 }
 if ($path == $copy_to_path) {
 fm_set_msg(lng('Paths must be not equal'), 'alert');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 if (!is_dir($copy_to_path)) {
 if (!fm_mkdir($copy_to_path, true)) {
 fm_set_msg('Unable to create destination folder', 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 }
 // move?
@@ -799,9 +799,9 @@ if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['token'])
 if ($f != '') {
 $f = fm_clean_path($f);
 // abs path from
- $from = $path . '/' . $f;
+ $from = $path.'/'.$f;
 // abs path to
- $dest = $copy_to_path . '/' . $f;
+ $dest = $copy_to_path.'/'.$f;
 // do
 if ($move) {
 $rename = fm_rename($from, $dest);
@@ -825,7 +825,7 @@ if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['token'])
 } else {
 fm_set_msg(lng('Nothing selected'), 'alert');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Rename
@@ -844,19 +844,19 @@ if (isset($_POST['rename_from'], $_POST['rename_to'], $_POST['token']) && !FM_RE
 // path
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 // rename
 if (fm_isvalid_filename($new) && $old != '' && $new != '') {
- if (fm_rename($path . '/' . $old, $path . '/' . $new)) {
- fm_set_msg(sprintf(lng('Renamed from').' %s '. lng('to').' %s', fm_enc($old), fm_enc($new)));
+ if (fm_rename($path.'/'.$old, $path.'/'.$new)) {
+ fm_set_msg(sprintf(lng('Renamed from').' %s '.lng('to').' %s', fm_enc($old), fm_enc($new)));
 } else {
- fm_set_msg(sprintf(lng('Error while renaming from').' %s '. lng('to').' %s', fm_enc($old), fm_enc($new)), 'error');
+ fm_set_msg(sprintf(lng('Error while renaming from').' %s '.lng('to').' %s', fm_enc($old), fm_enc($new)), 'error');
 }
 } else {
 fm_set_msg(lng('Invalid characters in file name'), 'error');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Download
@@ -870,14 +870,14 @@ if (isset($_GET['dl'], $_POST['token'])) {
 $dl = str_replace('/', '', $dl);
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
- if ($dl != '' && is_file($path . '/' . $dl)) {
- fm_download_file($path . '/' . $dl, $dl, 1024);
+ if ($dl != '' && is_file($path.'/'.$dl)) {
+ fm_download_file($path.'/'.$dl, $dl, 1024);
 exit;
 } else {
 fm_set_msg(lng('File not found'), 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 }
@@ -902,7 +902,7 @@ if (!empty($_FILES) && !FM_READONLY) {
 $path = FM_ROOT_PATH;
 $ds = DIRECTORY_SEPARATOR;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 $errors = 0;
@@ -926,14 +926,14 @@ if (!empty($_FILES) && !FM_READONLY) {
 echo json_encode($response); exit();
 }
- $targetPath = $path . $ds;
+ $targetPath = $path.$ds;
 if (is_writable($targetPath)) {
- $fullPath = $path . '/' . basename($fullPathInput);
+ $fullPath = $path.'/'.basename($fullPathInput);
 $folder = substr($fullPath, 0, strrpos($fullPath, "/"));
 if(file_exists ($fullPath) && !$override_file_name && !$chunks) {
 $ext_1 = $ext ? '.'.$ext : '';
- $fullPath = $path . '/' . basename($fullPathInput, $ext_1) .'_'. date('ymdHis'). $ext_1;
+ $fullPath = $path.'/'.basename($fullPathInput, $ext_1).'_'.date('ymdHis').$ext_1;
 }
 if (!is_dir($folder)) {
@@ -1019,7 +1019,7 @@ if (isset($_POST['group'], $_POST['delete'], $_POST['token']) && !FM_READONLY) {
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 $errors = 0;
@@ -1027,7 +1027,7 @@ if (isset($_POST['group'], $_POST['delete'], $_POST['token']) && !FM_READONLY) {
 if (is_array($files) && count($files)) {
 foreach ($files as $f) {
 if ($f != '') {
- $new_path = $path . '/' . $f;
+ $new_path = $path.'/'.$f;
 if (!fm_rdelete($new_path)) {
 $errors++;
 }
@@ -1042,7 +1042,7 @@ if (isset($_POST['group'], $_POST['delete'], $_POST['token']) && !FM_READONLY) {
 fm_set_msg(lng('Nothing selected'), 'alert');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Pack files zip, tar
@@ -1055,7 +1055,7 @@ if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_
 $path = FM_ROOT_PATH;
 $ext = 'zip';
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 //set pack type
@@ -1063,7 +1063,7 @@ if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_
 if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) {
 fm_set_msg(lng('Operations with archives are not available'), 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 $files = $_POST['file'];
@@ -1073,9 +1073,9 @@ if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_
 if (count($files) == 1) {
 $one_file = reset($files);
 $one_file = basename($one_file);
- $zipname = $one_file . '_' . date('ymd_His') . '.'.$ext;
+ $zipname = $one_file.'_'.date('ymd_His').'.'.$ext;
 } else {
- $zipname = 'archive_' . date('ymd_His') . '.'.$ext;
+ $zipname = 'archive_'.date('ymd_His').'.'.$ext;
 }
 if($ext == 'zip') {
@@ -1095,7 +1095,7 @@ if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_
 fm_set_msg(lng('Nothing selected'), 'alert');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Unpack zip, tar
@@ -1112,11 +1112,11 @@ if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
- if ($unzip != '' && is_file($path . '/' . $unzip)) {
- $zip_path = $path . '/' . $unzip;
+ if ($unzip != '' && is_file($path.'/'.$unzip)) {
+ $zip_path = $path.'/'.$unzip;
 $ext = pathinfo($zip_path, PATHINFO_EXTENSION);
 $isValid = true;
 } else {
@@ -1125,7 +1125,7 @@ if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
 if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) {
 fm_set_msg(lng('Operations with archives are not available'), 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 if ($isValid) {
@@ -1133,8 +1133,8 @@ if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
 $tofolder = '';
 if (isset($_POST['tofolder'])) {
 $tofolder = pathinfo($zip_path, PATHINFO_FILENAME);
- if (fm_mkdir($path . '/' . $tofolder, true)) {
- $path .= '/' . $tofolder;
+ if (fm_mkdir($path.'/'.$tofolder, true)) {
+ $path .= '/'.$tofolder;
 }
 }
@@ -1163,7 +1163,7 @@ if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
 } else {
 fm_set_msg(lng('File not found'), 'error');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 // Change Perms (not for Windows)
@@ -1175,15 +1175,15 @@ if (isset($_POST['chmod'], $_POST['token']) && !FM_READONLY && !FM_IS_WIN) {
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 $file = $_POST['chmod'];
 $file = fm_clean_path($file);
 $file = str_replace('/', '', $file);
- if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) {
+ if ($file == '' || (!is_file($path.'/'.$file) && !is_dir($path.'/'.$file))) {
 fm_set_msg(lng('File not found'), 'error');
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 $mode = 0;
@@ -1215,13 +1215,13 @@ if (isset($_POST['chmod'], $_POST['token']) && !FM_READONLY && !FM_IS_WIN) {
 $mode |= 0001;
 }
- if (@chmod($path . '/' . $file, $mode)) {
+ if (@chmod($path.'/'.$file, $mode)) {
 fm_set_msg(lng('Permissions changed'));
 } else {
 fm_set_msg(lng('Permissions not changed'), 'error');
 }
- $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
+ $FM_PATH = FM_PATH; fm_redirect(FM_SELF_URL.'?p='.urlencode($FM_PATH));
 }
 /*************************** ACTIONS ***************************/
@@ -1229,12 +1229,12 @@ if (isset($_POST['chmod'], $_POST['token']) && !FM_READONLY && !FM_IS_WIN) {
 // get current path
 $path = FM_ROOT_PATH;
 if (FM_PATH != '') {
- $path .= '/' . FM_PATH;
+ $path .= '/'.FM_PATH;
 }
 // check path
 if (!is_dir($path)) {
- fm_redirect(FM_SELF_URL . '?p=');
+ fm_redirect(FM_SELF_URL.'?p=');
 }
 // get parent folder
@@ -1252,7 +1252,7 @@ if (is_array($objects) && fm_is_exclude_items($current_path)) {
 if (!FM_SHOW_HIDDEN && substr($file, 0, 1) === '.') {
 continue;
 }
- $new_path = $path . '/' . $file;
+ $new_path = $path.'/'.$file;
 if (@is_file($new_path) && fm_is_exclude_items($file)) {
 $files[] = $file;
 } elseif (@is_dir($new_path) && $file != '.' && $file != '..' && fm_is_exclude_items($file)) {
@@ -1304,7 +1304,7 @@ if (isset($_GET['upload']) && !FM_READONLY) { :
-